person:mark klein

  • The NSA’s Hidden Spy Hubs in Eight U.S. Cities
    https://theintercept.com/2018/06/25/att-internet-nsa-spy-hubs

    The NSA considers AT&T to be one of its most trusted partners and has lauded the company’s “extreme willingness to help.” It is a collaboration that dates back decades. Little known, however, is that its scope is not restricted to AT&T’s customers. According to the NSA’s documents, it values AT&T not only because it “has access to information that transits the nation,” but also because it maintains unique relationships with other phone and internet providers. The NSA exploits these relationships for surveillance purposes, commandeering AT&T’s massive infrastructure and using it as a platform to covertly tap into communications processed by other companies.

    It is an efficient point to conduct internet surveillance, Klein said, “because the peering links, by the nature of the connections, are liable to carry everybody’s traffic at one point or another during the day, or the week, or the year.”

    Christopher Augustine, a spokesperson for the NSA, said in a statement that the agency could “neither confirm nor deny its role in alleged classified intelligence activities.” Augustine declined to answer questions about the AT&T facilities, but said that the NSA “conducts its foreign signals intelligence mission under the legal authorities established by Congress and is bound by both policy and law to protect U.S. persons’ privacy and civil liberties.”

    Jim Greer, an AT&T spokesperson, said that AT&T was “required by law to provide information to government and law enforcement entities by complying with court orders, subpoenas, lawful discovery requests, and other legal requirements.” He added that the company provides “voluntary assistance to law enforcement when a person’s life is in danger and in other immediate, emergency situations. In all cases, we ensure that requests for assistance are valid and that we act in compliance with the law.”

    Dave Schaeffer, CEO of Cogent Communications, told The Intercept that he had no knowledge of the surveillance at the eight AT&T buildings, but said he believed “the core premise that the NSA or some other agency would like to look at traffic … at an AT&T facility.” He said he suspected that the surveillance is likely carried out on “a limited basis,” due to technical and cost constraints. If the NSA were trying to “ubiquitously monitor” data passing across AT&T’s networks, Schaeffer added, he would be “extremely concerned.”

    An estimated 99 percent of the world’s intercontinental internet traffic is transported through hundreds of giant fiber optic cables hidden beneath the world’s oceans. A large portion of the data and communications that pass across the cables is routed at one point through the U.S., partly because of the country’s location – situated between Europe, the Middle East, and Asia – and partly because of the pre-eminence of American internet companies, which provide services to people globally.

    The NSA calls this predicament “home field advantage” – a kind of geographic good fortune. “A target’s phone call, email, or chat will take the cheapest path, not the physically most direct path,” one agency document explains. “Your target’s communications could easily be flowing into and through the U.S.”

    Once the internet traffic arrives on U.S. soil, it is processed by American companies. And that is why, for the NSA, AT&T is so indispensable. The company claims it has one of the world’s most powerful networks, the largest of its kind in the U.S. AT&T routinely handles masses of emails, phone calls, and internet chats. As of March 2018, some 197 petabytes of data – the equivalent of more than 49 trillion pages of text, or 60 billion average-sized mp3 files – traveled across its networks every business day.

    The NSA documents, which come from the trove provided to The Intercept by the whistleblower Edward Snowden, describe AT&T as having been “aggressively involved” in aiding the agency’s surveillance programs. One example of this appears to have taken place at the eight facilities under a classified initiative called SAGUARO.

    In October 2011, the Foreign Intelligence Surveillance Court, which approves the surveillance operations carried out under Section 702 of FISA, found that there were “technological limitations” with the agency’s internet eavesdropping equipment. It was “generally incapable of distinguishing” between some kinds of data, the court stated. As a consequence, Judge John D. Bates ruled, the NSA had been intercepting the communications of “non-target United States persons and persons in the United States,” violating Fourth Amendment protections against unreasonable searches and seizures. The ruling, which was declassified in August 2013, concluded that the agency had acquired some 13 million “internet transactions” during one six-month period, and had unlawfully gathered “tens of thousands of wholly domestic communications” each year.

    The root of the issue was that the NSA’s technology was not only targeting communications sent to and from specific surveillance targets. Instead, the agency was sweeping up people’s emails if they had merely mentioned particular information about surveillance targets.

    A top-secret NSA memo about the court’s ruling, which has not been disclosed before, explained that the agency was collecting people’s messages en masse if a single one were found to contain a “selector” – like an email address or phone number – that featured on a target list.

    Information provided by a second former AT&T employee adds to the evidence linking the Atlanta building to NSA surveillance. Mark Klein, a former AT&T technician, alleged in 2006 that the company had allowed the NSA to install surveillance equipment in some of its network hubs. An AT&T facility in Atlanta was one of the spy sites, according to documents Klein presented in a court case over the alleged spying. The Atlanta facility was equipped with “splitter” equipment, which was used to make copies of internet traffic as AT&T’s networks processed it. The copied data would then be diverted to “SG3” equipment – a reference to “Study Group 3” – which was a code name AT&T used for activities related to NSA surveillance, according to evidence in the Klein case.

    #Surveillance #USA #NSA #AT&T


  • Le Conseil constitutionnel a validé l’essentiel de la loi sur le renseignement (#pjlrenseignement), notamment sa mesure la plus controversée : les « boîtes noires ».
    http://www.conseil-constitutionnel.fr/conseil-constitutionnel/francais/les-decisions/acces-par-date/decisions-depuis-1959/2015/2015-713-dc/decision-n-2015-713-dc-du-23-juillet-2015.144138.html

    Trois dispositions ont cependant été censurées, dont une qui devait permettre aux services de renseignement, en cas « d’urgence opérationnelle », de déroger à l’autorité du premier ministre. Mais aussi de se passer de l’avis de la Commission nationale de contrôle des techniques de renseignement (#CNCTR), mise en place par cette loi. « Une atteinte manifestement disproportionnée au droit au respect de la vie privée et au secret des correspondances », selon le communiqué du Conseil constitutionnel.

    L’institution a rejeté une autre disposition relative aux mesures de surveillance internationale, jugeant ses contours trop flous – le texte ne définissait « ni les conditions d’exploitation, de conservation et de destruction des renseignements collectés (…), ni celles du contrôle par la CNCTR ». Le Conseil constitutionnel a par ailleurs censuré une troisième disposition, moins importante, relative au financement de la CNCTR, car elle relève, selon lui, de la loi de finances.

    http://www.lemonde.fr/pixels/article/2015/07/23/le-conseil-constitutionnel-censure-trois-articles-de-la-loi-sur-le-renseigne

    Lire Félix Treguer, « Feu vert à la surveillance de masse »
    http://www.monde-diplomatique.fr/2015/06/TREGUER/53056

    La loi autorise l’installation, sur les réseaux et les serveurs, de dispositifs destinés à scanner les trafics téléphonique et Internet en vue de détecter, à l’aide d’algorithmes tenus secrets, des communications suspectes en lien avec une menace terroriste. Sommé d’en dire plus lors des débats parlementaires, le ministre de la défense Jean-Yves Le Drian a expliqué qu’il s’agissait de repérer « des connexions à certaines heures, depuis certains lieux, sur certains sites ». Le directeur de la DGSE, M. Bernard Bajolet, a pour sa part indiqué que ses services souhaitaient y recourir pour déceler des « attitudes de clandestinité » (4), telles que l’utilisation de protocoles de chiffrement des communications — une technique que le Conseil de l’Europe recommande pour se protéger.

    Bien que le gouvernement s’en défende, les boîtes noires reposent nécessairement sur les technologies controversées d’« inspection des paquets en profondeur ». Ces outils occupent une place centrale dans plusieurs programmes de collecte massive de données. On sait depuis 2006 et les révélations du lanceur d’alerte Mark Klein, un ancien technicien de l’opérateur américain AT&T, que la NSA dispose de tels appareils aux Etats-Unis. Dès 2000, au Royaume-Uni, le gouvernement de M. Anthony Blair proposait au Parlement d’en autoriser l’usage au bénéfice du MI5, l’agence de renseignement intérieur. Face à la polémique, le choix avait été fait d’une disposition beaucoup plus générale relative aux équipements d’interception, dans le cadre du Regulation of Investigatory Powers Act. Mais, si l’utilisation de ces mouchards auscultant l’ensemble du trafic n’est malheureusement pas une nouveauté, le projet de loi permet en revanche à la France de rejoindre la Russie dans le club très fermé des pays où le droit les autorise expressément.

    Quoi qu’en dise le gouvernement, il s’agit bien d’une forme de #surveillance massive, même si, en définitive, seule une faible proportion des données fait l’objet d’analyses plus approfondies. [#st]

    http://zinc.mondediplo.net/messages/5281 via Le Monde diplomatique


  • Mass Surveillance in America: A Timeline of Loosening Laws and Practices
    http://projects.propublica.org/graphics/surveillance-timeline

    1978 Surveillance court created
    After a post-Watergate Senate investigation documented abuses of government surveillance, Congress passes the Foreign Intelligence Surveillance Act, or FISA, to regulate how the government can monitor suspected spies or terrorists in the U.S. The law establishes a secret court that issues warrants for electronic surveillance or physical searches of a “foreign power” or “agents of a foreign power” (broadly defined in the law). The government doesn’t have to demonstrate probable cause of a crime, just that the “purpose of the surveillance is to obtain foreign intelligence information.”

    The court’s sessions and opinions are classified. The only information we have is a yearly report to the Senate documenting the number of “applications” made by the government. Since 1978, the court has approved thousands of applications – and rejected just 11.

    Oct. 2001 Patriot Act passed
    In the wake of 9/11, Congress passes the sweeping USA Patriot Act. One provision, section 215, allows the FBI to ask the FISA court to compel the sharing of books, business documents, tax records, library check-out lists – actually, “any tangible thing” – as part of a foreign intelligence or international terrorism investigation. The required material can include purely domestic records.

    Oct. 2003 ‘Vacuum-cleaner surveillance’ of the Internet
    AT&T technician Mark Klein discovers what he believes to be newly installed NSA data-mining equipment in a “secret room” at a company facility in San Francisco. Klein, who several years later goes public with his story to support a lawsuit against the company, believes the equipment enables “vacuum-cleaner surveillance of all the data crossing the Internet – whether that be peoples’ e-mail, web surfing or any other data.”

    March 2004 Ashcroft hospital showdown
    In what would become one of the most famous moments of the Bush Administration, presidential aides Andrew Card and Alberto Gonzales show up at the hospital bed of John Ashcroft. Their purpose? To convince the seriously ill attorney general to sign off on the extension of a secret domestic spying program. Ashcroft refuses, believing the warrantless program to be illegal.

    The hospital showdown was first reported by the New York Times, but two years later Newsweek provided more detail, describing a program that sounds similar to the one the Guardian revealed this week. The NSA, Newsweek reported citing anonymous sources, collected without court approval vast quantities of phone and email metadata “with cooperation from some of the country’s largest telecommunications companies” from “tens of millions of average Americans.” The magazine says the program itself began in September 2001 and was shut down in March 2004 after the hospital incident. But Newsweek also raises the possibility that Bush may have found new justification to continue some of the activity.

    Dec. 2005 Warrantless wiretapping revealed
    The Times, over the objections of the Bush Administration, reveals that since 2002 the government “monitored the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants.” The program involves actually listening in on phone calls and reading emails without seeking permission from the FISA Court.

    Jan. 2006 Bush defends wiretapping
    President Bush defends what he calls the “terrorist surveillance program” in a speech in Kansas. He says the program only looks at calls in which one end of the communication is overseas.

    March 2006 Patriot Act renewed
    The Senate and House pass legislation to renew the USA Patriot Act with broad bipartisan support and President Bush signs it into law. It includes a few new protections for records required to be produced under the controversial section 215.

    May 2006 Mass collection of call data revealed
    USA Today reports that the NSA has been collecting data since 2001 on phone records of “tens of millions of Americans” through three major phone companies, Verizon, AT&T, and BellSouth (though the companies level of involvement is later disputed.) The data collected does not include content of calls but rather data like phone numbers for analyzing communication patterns.

    As with the wiretapping program revealed by the Times, the NSA data collection occurs without warrants, according to USA Today. Unlike the wiretapping program, the NSA data collection was not limited to international communications.

    2006 Court authorizes collection of call data
    The mass data collection reported by the Guardian this week apparently was first authorized by the FISA court in 2006, though exactly when is not clear. Dianne Feinstein, D-Calif., chairwoman of the Senate intelligence committee, said Thursday, “As far as I know, this is the exact three-month renewal of what has been in place for the past seven years.” Similarly, the Washington Post quoted an anonymous “expert in this aspect of the law” who said the document published by the Guardian appears to be a “routine renewal” of an order first issued in 2006.

    It’s not clear whether these orders represent court approval of the previously warrantless data collection that USA Today described.

    Jan. 2007 Bush admin says surveillance now operating with court approval
    Attorney General Alberto Gonzales announces that the FISA court has allowed the government to target international communications that start or end in the U.S., as long as one person is “a member or agent of al Qaeda or an associated terrorist organization.” Gonzalez says the government is ending the “terrorist surveillance program,” and bringing such cases under FISA approval.

    Aug. 2007 Congress expands surveillance powers
    The FISA court reportedly changes its stance and puts more limits on the Bush administration’s surveillance (the details of the court’s move are still not known.) In response, Congress quickly passes, and President Bush signs, a stopgap law, the Protect America Act.

    In many cases, the government can now get blanket surveillance warrants without naming specific individuals as targets. To do that, the government needs to show that they’re not intentionally targeting people in the U.S., even if domestic communications are swept up in the process.

    Sept. 2007 Prism begins

    The FBI and the NSA get access to user data from Microsoft under a top-secret program known as Prism, according to an NSA PowerPoint briefing published by the Washington Post and the Guardian this week. In subsequent years, the government reportedly gets data from eight other companies including Apple and Google. “The extent and nature of the data collected from each company varies,” according to the Guardian.

    July 2008 Congress renews broader surveillance powers
    Congress follows up the Protect America Act with another law, the FISA Amendments Act, extending the government’s expanded spying powers for another four years. The law now approaches the kind of warrantless wiretapping that occurred earlier in Bush administration. Senator Obama votes for the act.

    The act also gives immunity to telecom companies for their participation in warrantless wiretapping.

    April 2009 NSA ‘overcollects’
    The New York Times reports that for several months, the NSA had gotten ahold of domestic communications it wasn’t supposed to. The Times says it was likely the result of “technical problems in the NSA’s ability” to distinguish between domestic and overseas communications. The Justice Department says the problems have been resolved.

    Feb. 2010 Controversial Patriot Act provision extended
    President Obama signs a temporary one-year extension of elements of the Patriot Act that were set to expire — including Section 215, which grants the government broad powers to seize records.

    May 2011 Patriot Act renewed, again
    The House and Senate pass legislation to extend the overall Patriot Act. President Obama, who is in Europe as the law is set to expire, directs the bill to be signed with an “autopen” machine in his stead. It’s the first time in history a U.S. president has done so.

    March 2012 Senators warn cryptically of overreach
    In a letter to the attorney general, Sens. Ron Wyden, D-Ore., and Mark Udall, D-Colo., write, “We believe most Americans would be stunned to learn the details” of how the government has interpreted Section 215 of the Patriot Act. Because the program is classified, the senators offer no further details.

    July 2012 Court finds unconstitutional surveillance
    According to a declassified statement by Wyden, the Foreign Intelligence Surveillance Court held on at least one occasion that information collection carried out by the government was unconstitutional. But the details of that episode, including when it happened, have never been revealed.

    Dec. 2012 Broad powers again extended
    Congress extends the FISA Amendments Act another five years, and Obama signs it into law. Sens. Wyden and Jeff Merkley, both Oregon Democrats, offer amendments requiring more disclosure about the law’s impact. The proposals fail.

    April 2013 Verizon order issued
    As the Guardian revealed this week, Foreign Intelligence Surveillance Court Judge Roger Vinson issues a secret court order directing Verizon Business Network Services to turn over “metadata” — including the time, duration and location of phone calls, though not what was said on the calls — to the NSA for all calls over the next three months. Verizon is ordered to deliver the records “on an ongoing daily basis.” The Wall Street Journal reports this week that AT&T and Sprint have similar arrangements.

    The Verizon order cites Section 215 of the Patriot Act, which allows the FBI to request a court order that requires a business to turn over “any tangible things (including books, records, papers, documents, and other items)” relevant to an international spying or terrorism investigation. In 2012, the government asked for 212 such orders, and the court approved them all.

    June 2013 Congress and White House respond
    Following the publication of the Guardian’s story about the Verizon order, Sens. Feinstein and Saxby Chambliss, R-Ga., the chair and vice of the Senate intelligence committee, hold a news conference to dismiss criticism of the order. “This is nothing particularly new,” Chambliss says. “This has been going on for seven years under the auspices of the FISA authority, and every member of the United States Senate has been advised of this.”

    Director of National Intelligence James Clapper acknowledges the collection of phone metadata but says the information acquired is “subject to strict restrictions on handling” and that “only a very small fraction of the records are ever reviewed.” Clapper alsoissues a statement saying that the collection under the Prism program was justified under the FISA Amendments of 2008, and that it is not “intentionally targeting” any American or person in the U.S.

    Statements from the tech companies reportedly taking part in the Prism program variously disavow knowledge of the program and merely state in broad terms they